Over the past few months, OIT has seen a major rise in phishing attempts where malicious actors attempt to exploit money from UA employees. The emails appear to come from a supervisor or another organization leader, and the emails are directed to an employee in that organization or group. This scam has been occurring at UA for several months, beginning with senior leadership.
The emails begin by the malicious
actor engaging employees in an email-only conversation that attempts to convince
the employee to purchase gift cards. If you look closely, the “From:” email
address is not actually a ua.edu email address, but an alternative email
address the actor set up outside of UA. The email address may appear to
come from a UA contact, but it is usually a Gmail, AOL or other external email
address that includes the name of the supervisor or leader. Often, the emails
have poor spelling and grammar. Additionally, the emails are usually brief and
may only be a subject line. Below are a few examples of these emails.
Subject: Hi [NAME OF TARGET]
Are you in the office? If not
please i have an important errand i want you to run for me in the store right
[NAME OF THE SUPERVISOR OR
Subject: Hello Are you in compus
Are you available on campus
Do not be fooled by these phishing
emails. Remember to always look at the “From:” address to make sure it is an
actual supervisor or leader’s ua.edu email address. If you do receive an email
like this, please send a copy to firstname.lastname@example.org, and then delete the email.